[This has been talked about in tech circles for years; it's hardly suprising that the FBI would finally get around to creating such a beastie. Perhaps an enterprising netrepreneur will take the next step: Creating a "Secure PC" that would be proof against such an attack. Perhaps it would run a better OS than Windows (just about any would do) where programs have privileges, boot from fixed media like a CDROM that would require a physical break-in to alter, require a private key embedded in a keychain plugged in through a USB port to unlock the hard drive partitions where application data are stored, use a flatscreen monitor and certain default typefaces to limit TEMPEST emissions, include an Ethernet/serial port monitor that would try to detect suspicious outgoing packets, compute checksums every night on all executable and other relevant files, feature tamper-proof hardware that would leave a physical or virtual mark if opened by an intruder, be protected by a motion-activated videocam streaming images of intruders to secure offshore websites, and so on. Dedicated hardware that could not be accessed remotely could be hooked up to the SCSI chain and scan key files nightly for the same MD5 checksum as the night before. Or instead of a keychain, your crypto-key could be kept in your Palm, which through a serial link also could be used to offload crypto processing on hardware that's unlikely to be compromised. It's an interesting dual trend and arms race: Police turning to software to snoop on alleged miscreants, while counter-techniques are developing apace. My money's on the defense. --Declan] --- From: "Geoff Gariepy" <geoff_gariepyat_private> To: <declanat_private> Subject: FBI software cracks encryption wall Date: Tue, 20 Nov 2001 14:24:21 -0500 FBI software cracks encryption wall 'Magic Lantern' part of new 'Enhanced Carnivore Project' By Bob Sullivan MSNBC Nov. 20 - The FBI is developing software capable of inserting a computer virus onto a suspect's machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as "Magic Lantern," enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement. .... MAGIC LANTERN installs so-called "keylogging" software on a suspect's machine that is capable of capturing keystrokes typed on a computer. By tracking exactly what a suspect types, critical encryption key information can be gathered, and then transmitted back to the FBI, according to the source, who requested anonymity. The virus can be sent to the suspect via e-mail - perhaps sent for the FBI by a trusted friend or relative. The FBI can also use common vulnerabilities to break into a suspect's computer and insert Magic Lantern, the source said. http://www.msnbc.com/news/660096.asp?0na=x21017M32 ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Nov 20 2001 - 22:04:24 PST